sysctl related PodSecurityPolicy spec since 1.12 (#3743)
This commit is contained in:
parent
c5e425b02b
commit
b15e685a0b
1 changed files with 9 additions and 0 deletions
|
@ -43,6 +43,10 @@ spec:
|
|||
- min: 1
|
||||
max: 65535
|
||||
readOnlyRootFilesystem: false
|
||||
{% if kube_version is version('v1.12.1', '>=') %}
|
||||
forbiddenSysctls:
|
||||
- '*'
|
||||
{% endif %}
|
||||
---
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodSecurityPolicy
|
||||
|
@ -75,3 +79,8 @@ spec:
|
|||
fsGroup:
|
||||
rule: 'RunAsAny'
|
||||
readOnlyRootFilesystem: false
|
||||
{% if kube_version is version('v1.12.1', '>=') %}
|
||||
# This will fail if allowed-unsafe-sysctls is not set accordingly in kubelet flags
|
||||
allowedUnsafeSysctls:
|
||||
- '*'
|
||||
{% endif %}
|
||||
|
|
Loading…
Reference in a new issue